Malicious PDF — malware analysis report

Static analysis result for SHA-256 133364c747592abb…

Verdict: MALICIOUS
File type: PDF
Size: 34.0 KB
MD5: f55323cf3d524af6d46599d3e3636ccd
SHA-1: 52c0beda4b539c16ffa4b9aae368cfaff264eebd
SHA-256: 133364c747592abb3a142a7107cb0f5f30d652b5f0f3c5d0fc3668d4ff0dfd6d
Risk Score: 74

Malware Insights

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1059.007 JavaScript

The sample is a PDF file flagged as malicious by an ML classifier. Heuristics indicate the presence of JavaScript and the use of ASCIIHexDecode and ASCII85Decode filters, which are commonly used to obfuscate malicious content within PDFs. These factors suggest an attempt to exploit a client execution vulnerability via embedded JavaScript.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (4)

  • ASCIIHexDecode filter (with exploit indicators) (severity: medium, rule PDF_FILTER_HEX)
    Hex-encoding filter present alongside exploit delivery indicators; often used to hide payload or shellcode bytes.
  • JavaScript action (severity: low, rule PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • ASCII85Decode filter (with exploit indicators) (severity: low, rule PDF_FILTER_85)
    ASCII85 encoding filter present alongside exploit delivery indicators; uncommon outside of obfuscation.